Privilege escalation in Linux kernel amdkfd driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-26817 |
| CWE-ID | CWE-190 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Integer overflow
EUVDB-ID: #VU88544
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26817
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the kfd_ioctl_get_process_apertures_new() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/e6721ea845fcb93a764a92bd40f1afc0d6c69751
http://git.kernel.org/stable/c/8b0564704255c6b3c6a7188e86939f754e1577c0
http://git.kernel.org/stable/c/fcbd99b3c73309107e3be71f20dff9414df64f91
http://git.kernel.org/stable/c/cbac7de1d9901521e78cdc34e15451df3611f2ad
http://git.kernel.org/stable/c/e6768c6737f4c02cba193a3339f0cc2907f0b86a
http://git.kernel.org/stable/c/315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7
http://git.kernel.org/stable/c/0c33d11153949310d76631d8f4a4736519eacd3a
http://git.kernel.org/stable/c/3b0daecfeac0103aba8b293df07a0cbaf8b43f29
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
